DPP2: Extend TCP encapsulation case to support Configurator as Initiator

This allows DPP_AUTH_INIT to be used with tcp_addr=<dst> argument and
Configurator parameters to perform Configurator initiated DPP
provisioning over TCP. Similarly, DPP_CONTROLLER_START can now be used
to specify Configurator/Enrollee roles and extend Controller to work in
Enrollee role.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2020-05-12 14:25:15 +03:00 committed by Jouni Malinen
parent 0086c14528
commit db59827a3c
3 changed files with 41 additions and 14 deletions


@ -358,6 +358,7 @@ struct dpp_relay_config {
struct dpp_controller_config { struct dpp_controller_config {
const char *configurator_params; const char *configurator_params;
int tcp_port; int tcp_port;
u8 allowed_roles;
}; };
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
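Review bot: The new `allowed_roles` member in struct dpp_controller_config has no comment, yet it now carries the role policy for the whole listener. The "both roles" default that dpp_controller_start used to hard-code is removed in this commit and is set only in wpas_dpp_controller_start. Any caller not shown on this page that zero-initialises the struct would therefore pass `allowed_roles == 0`. I would document the contract on the field, e.g. `u8 allowed_roles; /* bitmask of DPP_CAPAB_CONFIGURATOR / DPP_CAPAB_ENROLLEE; caller must set */`.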


@ -139,6 +139,7 @@ dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash)
static void dpp_controller_gas_done(struct dpp_connection *conn) static void dpp_controller_gas_done(struct dpp_connection *conn)
{ {
struct dpp_authentication *auth = conn->auth; struct dpp_authentication *auth = conn->auth;
void *msg_ctx;
if (auth->peer_version >= 2 && if (auth->peer_version >= 2 &&
auth->conf_resp_status == DPP_STATUS_OK) { auth->conf_resp_status == DPP_STATUS_OK) {
@ -147,7 +148,11 @@ static void dpp_controller_gas_done(struct dpp_connection *conn)
return; return;
} }
wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); if (conn->ctrl)
msg_ctx = conn->ctrl->global->msg_ctx;
else
msg_ctx = auth->msg_ctx;
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT);
dpp_connection_remove(conn); dpp_connection_remove(conn);
} }
@ -196,8 +201,8 @@ static int dpp_tcp_send(struct dpp_connection *conn)
conn->read_eloop = 1; conn->read_eloop = 1;
if (conn->on_tcp_tx_complete_remove) { if (conn->on_tcp_tx_complete_remove) {
dpp_connection_remove(conn); dpp_connection_remove(conn);
} else if (conn->ctrl && conn->on_tcp_tx_complete_gas_done && } else if (conn->auth && (conn->ctrl || conn->auth->configurator) &&
conn->auth) { conn->on_tcp_tx_complete_gas_done) {
dpp_controller_gas_done(conn); dpp_controller_gas_done(conn);
} else if (conn->on_tcp_tx_complete_auth_ok) { } else if (conn->on_tcp_tx_complete_auth_ok) {
conn->on_tcp_tx_complete_auth_ok = 0; conn->on_tcp_tx_complete_auth_ok = 0;
@ -699,8 +704,9 @@ static int dpp_controller_rx_conf_result(struct dpp_connection *conn,
{ {
struct dpp_authentication *auth = conn->auth; struct dpp_authentication *auth = conn->auth;
enum dpp_status_error status; enum dpp_status_error status;
void *msg_ctx;
if (!conn->ctrl) if (!conn->ctrl && (!auth || !auth->configurator))
return 0; return 0;
wpa_printf(MSG_DEBUG, "DPP: Configuration Result"); wpa_printf(MSG_DEBUG, "DPP: Configuration Result");
@ -710,10 +716,14 @@ static int dpp_controller_rx_conf_result(struct dpp_connection *conn,
"DPP: No DPP Configuration waiting for result - drop"); "DPP: No DPP Configuration waiting for result - drop");
return -1; return -1;
} }
if (conn->ctrl)
msg_ctx = conn->ctrl->global->msg_ctx;
else
msg_ctx = auth->msg_ctx;
status = dpp_conf_result_rx(auth, hdr, buf, len); status = dpp_conf_result_rx(auth, hdr, buf, len);
if (status == DPP_STATUS_OK && auth->send_conn_status) { if (status == DPP_STATUS_OK && auth->send_conn_status) {
wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, wpa_msg(msg_ctx, MSG_INFO,
DPP_EVENT_CONF_SENT "wait_conn_status=1"); DPP_EVENT_CONF_SENT "wait_conn_status=1");
wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
eloop_cancel_timeout( eloop_cancel_timeout(
@ -725,11 +735,9 @@ static int dpp_controller_rx_conf_result(struct dpp_connection *conn,
return 0; return 0;
} }
if (status == DPP_STATUS_OK) if (status == DPP_STATUS_OK)
wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT);
DPP_EVENT_CONF_SENT);
else else
wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
DPP_EVENT_CONF_FAILED);
return -1; /* to remove the completed connection */ return -1; /* to remove the completed connection */
} }
@ -973,7 +981,7 @@ static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg,
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Received DPP Configuration Request over TCP"); "DPP: Received DPP Configuration Request over TCP");
if (!conn->ctrl || !auth || if (!auth || (!conn->ctrl && !auth->configurator) ||
(!auth->auth_success && !auth->reconfig_success)) { (!auth->auth_success && !auth->reconfig_success)) {
wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
return -1; return -1;
@ -1049,7 +1057,10 @@ static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp)
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Configuration Response for local stack from TCP"); "DPP: Configuration Response for local stack from TCP");
if (auth)
res = dpp_conf_resp_rx(auth, resp); res = dpp_conf_resp_rx(auth, resp);
else
res = -1;
wpabuf_free(resp); wpabuf_free(resp);
if (res < 0) { if (res < 0) {
wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
@ -1135,7 +1146,8 @@ static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg,
return -1; return -1;
wpabuf_put_data(buf, pos, slen); wpabuf_put_data(buf, pos, slen);
if (!conn->relay && !conn->ctrl) if (!conn->relay &&
(!conn->ctrl || (conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE)))
return dpp_tcp_rx_gas_resp(conn, buf); return dpp_tcp_rx_gas_resp(conn, buf);
if (!conn->relay) { if (!conn->relay) {
@ -1405,8 +1417,7 @@ int dpp_controller_start(struct dpp_global *dpp,
ctrl->configurator_params = ctrl->configurator_params =
os_strdup(config->configurator_params); os_strdup(config->configurator_params);
dl_list_init(&ctrl->conn); dl_list_init(&ctrl->conn);
/* TODO: configure these somehow */ ctrl->allowed_roles = config->allowed_roles;
ctrl->allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
ctrl->qr_mutual = 0; ctrl->qr_mutual = 0;
ctrl->sock = socket(AF_INET, SOCK_STREAM, 0); ctrl->sock = socket(AF_INET, SOCK_STREAM, 0);
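Review bot: In the dpp_rx_gas_resp hunk (@ -1135), the choice to hand an incoming GAS response to dpp_tcp_rx_gas_resp is made from the listener-wide `conn->ctrl->allowed_roles`, not from the role negotiated on this connection. With the default of both role bits, every Controller connection takes that path, including ones where the local side authenticated as Configurator (`conn->auth->configurator`). Whether dpp_conf_resp_rx rejects a response in that state is not visible here. I would gate on the per-exchange role as well, e.g. `(!conn->ctrl || ((conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE) && conn->auth && !conn->auth->configurator))`, so that a Configuration Response is only processed on an exchange where the local side is the Enrollee. The function body starts and ends outside the hunk, so the fall-through branch for the rejected case should be confirmed against the full file.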


@ -3117,12 +3117,27 @@ int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
const char *pos; const char *pos;
os_memset(&config, 0, sizeof(config)); os_memset(&config, 0, sizeof(config));
config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
if (cmd) { if (cmd) {
pos = os_strstr(cmd, " tcp_port="); pos = os_strstr(cmd, " tcp_port=");
if (pos) { if (pos) {
pos += 10; pos += 10;
config.tcp_port = atoi(pos); config.tcp_port = atoi(pos);
} }
pos = os_strstr(cmd, " role=");
if (pos) {
pos += 6;
if (os_strncmp(pos, "configurator", 12) == 0)
config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
else if (os_strncmp(pos, "enrollee", 8) == 0)
config.allowed_roles = DPP_CAPAB_ENROLLEE;
else if (os_strncmp(pos, "either", 6) == 0)
config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
DPP_CAPAB_ENROLLEE;
else
return -1;
}
} }
config.configurator_params = wpa_s->dpp_configurator_params; config.configurator_params = wpa_s->dpp_configurator_params;
return dpp_controller_start(wpa_s->dpp, &config); return dpp_controller_start(wpa_s->dpp, &config);
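Review bot: The added `role=` parsing compares only a prefix, so `os_strncmp(pos, "configurator", 12) == 0` and its two siblings accept any value that merely begins with a known keyword. A constructed value such as `role=enrollee2` selects a role instead of reaching the `return -1` branch. Because this value decides which DPP roles the listener will accept, the terminator should be checked too, e.g. `if (os_strncmp(pos, "configurator", 12) == 0 && (pos[12] == '\0' || pos[12] == ' '))`, and likewise for `enrollee` (index 8) and `either` (index 6). The function's closing brace is outside the hunk.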